#!/bin/sh
# Author: Scott Knauss scott<somwhere-close-to>knauss.com (parts from /etc/init.d/skeleton & ossec-control)
#
# /etc/init.d/ossec
#
# and its symbolic link
#
# /etc/init.d/rcossec
#
### BEGIN INIT INFO
# Provides: ossec
# Required-Start: syslog
# Required-Stop:
# Default-Start: 2 3 5
# Default-Stop:
# Description: Start the ossec HIDS daemon
### END INIT INFO
# Shell functions sourced from /etc/rc.status:
# rc_check check and set local and overall rc status
# rc_status check and set local and overall rc status
# rc_status -v ditto but be verbose in local rc status
# rc_status -v -r ditto and clear the local rc status
# rc_failed set local and overall rc status to failed
# rc_failed <num> set local and overall rc status to <num>
# rc_reset clear local rc status (overall remains)
# rc_exit exit appropriate to overall rc status
# Load the rc_* status helpers first: rc_reset, rc_failed and rc_status are
# called by the rest of this script.
. /etc/rc.status
# Begin with a clean local status for this service.
rc_reset
# Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signalling is not supported) are
# considered a success.
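# The init configuration is sourced, i.e. executed inside this shell with
# the privileges of whoever runs the init script (normally root). It must
# therefore be owned by root and not be writable by anyone else.
# NOTE(review): it presumably sets DIRECTORY and VERSION -- both are used
# below and neither is assigned in this script; confirm against the installer.
if [ -f /etc/ossec-init.conf ]; then
  . /etc/ossec-init.conf
fi
# Without DIRECTORY every derived path (control binary, lock directory,
# pid files) would silently resolve under "/". Treat that as "program is
# not configured" (LSB status 6); "stop" still succeeds, matching the
# not-installed check below.
if [ -z "${DIRECTORY}" ]; then
  echo -n "/etc/ossec-init.conf missing or DIRECTORY not set"
  rc_failed 6
  rc_status -v
  if [ "$1" = "stop" ]; then
    exit 0
  fi
  exit 6
fi
# Just to make sure ossec is installed ...
CONTROL="$DIRECTORY/bin/ossec-control"
# Quoted so that a DIRECTORY containing whitespace or glob characters is
# tested as exactly one path. A missing binary is LSB status 5, except for
# "stop", where a service that is not installed counts as already stopped.
test -x "$CONTROL" || {
  echo -n "$CONTROL not installed"
  rc_failed 5
  rc_status -v
  if [ "$1" = "stop" ]; then
    exit 0
  fi
  exit 5
}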
## Locking for the start/stop
# Directory whose existence marks the start/stop lock as held, and the file
# inside it that records the PID of the holder. lock() and unlock() create,
# write and recursively remove these paths, so ${DIRECTORY}/var should be
# writable only by the account that runs this script.
LOCK="${DIRECTORY}/var/start-script-lock"
LOCK_PID="${LOCK}/pid"
# Ceiling on lock attempts. lock() sleeps one second per attempt, so this is
# also roughly the longest wait in seconds; it should be more than enough
# even when the script is started several times together.
MAX_ITERATION=10
NAME='OSSEC HIDS'
AUTHOR='Daniel B. Cid'
# Daemons walked by the status and stop actions.
DAEMONS='ossec-logcollector ossec-syscheckd ossec-analysisd ossec-maild ossec-execd'
# Lock function
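# Acquire the start/stop lock.
#
# The lock is the directory ${LOCK}: mkdir fails when it already exists, so
# only one caller gets it. The holder's PID is stored in ${LOCK_PID}.
#
# Globals:  LOCK, LOCK_PID, MAX_ITERATION (read); lock_tries, lock_holder
#           (written)
# Returns:  once the lock is held. After MAX_ITERATION counted attempts the
#           lock is taken by force, so a stale lock cannot block start/stop
#           forever.
# NOTE(review): the forced take-over is best effort; two instances that time
# out together could both believe they hold the lock.
lock()
{
  lock_tries=0
  # Providing a lock.
  while :; do
    if mkdir "${LOCK}" > /dev/null 2>&1; then
      # Lock acquired (setting the pid)
      echo "$$" > "${LOCK_PID}"
      return
    fi
    # Waiting 1 second before trying again
    sleep 1
    lock_tries=$((lock_tries + 1))
    # If the recorded holder is gone, count the attempt twice to speed
    # things up a bit. The pid file is data: only a plain positive number
    # is handed to kill, anything else is treated as "holder not present".
    lock_holder=$(cat "${LOCK_PID}" 2> /dev/null)
    case "${lock_holder}" in
      '' | *[!0-9]* | 0*)
        lock_tries=$((lock_tries + 1))
        ;;
      *)
        kill -0 "${lock_holder}" > /dev/null 2>&1 \
          || lock_tries=$((lock_tries + 1))
        ;;
    esac
    # The counter can advance by two per pass, so it may step over
    # MAX_ITERATION; compare with -ge (an equality test would then never
    # match and the loop would spin forever).
    if [ "${lock_tries}" -ge "${MAX_ITERATION}" ]; then
      # Unlocking and executing
      unlock
      mkdir "${LOCK}" > /dev/null 2>&1
      echo "$$" > "${LOCK_PID}"
      return
    fi
  done
}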
# Unlock function
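# Release the start/stop lock by removing the lock directory together with
# the PID file inside it.
#
# Globals:  LOCK (read)
# Returns:  1 without touching the filesystem when LOCK is empty, otherwise
#           the status of rm.
unlock()
{
  # An empty LOCK would leave a bare recursive delete; refuse instead.
  if [ -z "${LOCK}" ]; then
    return 1
  fi
  # Quoted and preceded by "--" so the value is always exactly one path,
  # even if it contains whitespace or starts with a dash.
  rm -rf -- "${LOCK}"
}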
# Help message
# Print the list of supported actions on stdout and leave the script with
# exit status 1.
help()
{
  printf '%s\n' "Usage: $0 {start|stop|restart|status}"
  exit 1
}
# Status function
# Report, one line per entry of DAEMONS, whether that daemon is running, and
# mark the rc status as failed for each one that is not. Finishes with the
# product name/version line completed by "rc_status -v".
#
# Globals:  DAEMONS, NAME, VERSION (read)
status()
{
  for daemon in ${DAEMONS}; do
    # pstatus uses an inverted convention: 0 means "not running".
    if pstatus ${daemon}; then
      echo "${daemon} not running..."
      rc_failed
    else
      echo "${daemon} is running..."
    fi
  done
  echo -n "$NAME $VERSION"
  rc_status -v
}
# Start function
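# Start the OSSEC daemons.
#
# Under the start/stop lock, every daemon is first run with -t as a
# configuration check; only if all checks pass are the daemons that pstatus
# reports as not running launched, in SDAEMONS order.
#
# Globals:  DIRECTORY, NAME, VERSION, AUTHOR (read); SDAEMONS, i (written)
# Exits:    1 (after releasing the lock) when a configuration check or a
#           daemon launch fails.
start()
{
  SDAEMONS="ossec-maild ossec-execd ossec-analysisd ossec-logcollector ossec-syscheckd"
  echo "Starting $NAME $VERSION (by $AUTHOR)..."
  lock
  # We first loop to check the config.
  for i in ${SDAEMONS}; do
    # The path is quoted: it is built from DIRECTORY, and this command runs
    # with the caller's (normally root's) privileges, so it must expand to
    # exactly one program path even if DIRECTORY contains whitespace or
    # glob characters.
    if ! "${DIRECTORY}/bin/${i}" -t; then
      echo -n "${i}: Configuration error. Exiting"
      rc_failed
      rc_status -v
      unlock
      exit 1
    fi
  done
  # We actually start them now.
  for i in ${SDAEMONS}; do
    # pstatus returns 0 when the daemon is NOT running.
    if pstatus "${i}"; then
      if ! "${DIRECTORY}/bin/${i}"; then
        unlock
        exit 1
      fi
      echo "Started ${i}..."
    else
      echo "${i} already running..."
    fi
  done
  # After we start we give 2 seconds for the daemons
  # to internally create their PID files.
  sleep 2
  unlock
  echo -n "$NAME $VERSION"
  rc_status -v
}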
# Process status
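# Tell whether a daemon is running, judged by its pid file(s)
# ${DIRECTORY}/var/run/<name>*.pid.
#
# Arguments: $1 - daemon name (pid file prefix)
# Globals:   DIRECTORY (read); pfile, pstatus_file, pstatus_pid (written)
# Returns:   1 when at least one recorded PID belongs to a live process,
#            0 otherwise (no name given, no pid file, unusable contents or
#            dead process). Note the inverted convention: 0 = NOT running.
#
# A pid file is treated as untrusted data: only the first line is read and
# it must be a plain number greater than 1. Values such as 0 or a negative
# number are not process ids for kill, so they are never passed to it.
# NOTE(review): a numeric PID still does not prove the process is an OSSEC
# daemon (PIDs are reused); callers that signal it should keep that in mind.
pstatus()
{
  pfile=$1
  # pfile must be set
  if [ -z "${pfile}" ]; then
    return 0
  fi
  for pstatus_file in "${DIRECTORY}/var/run/${pfile}"*.pid; do
    # An unmatched glob stays literal; skip it and anything not a file.
    [ -f "${pstatus_file}" ] || continue
    pstatus_pid=""
    read -r pstatus_pid < "${pstatus_file}"
    case "${pstatus_pid}" in
      '' | *[!0-9]* | 0* | 1) continue ;;
    esac
    if kill -0 "${pstatus_pid}" > /dev/null 2>&1; then
      return 1
    fi
  done
  return 0
}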
# Stop all
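# Stop every daemon listed in DAEMONS.
#
# Under the start/stop lock, each daemon that pstatus reports as running
# (return value 1) is sent the default kill signal; its pid files are then
# removed whether or not it was running.
#
# Globals:  DAEMONS, DIRECTORY, NAME, VERSION (read); i, stop_pidfile,
#           stop_pid (written)
#
# The pid files are read one by one and their contents validated before
# being handed to kill: this function signals processes with the caller's
# (normally root's) privileges, so a pid file must not be able to supply
# options, several targets, or the special values 0 and 1.
# NOTE(review): a valid number is still not proof that the process is an
# OSSEC daemon; consider checking the process name (e.g. via ps) before
# signalling, and keep ${DIRECTORY}/var/run writable only by trusted
# accounts -- confirm its permissions.
stopa()
{
  lock
  for i in ${DAEMONS}; do
    pstatus "${i}"
    if [ $? = 1 ]; then
      echo "Killing ${i} .. "
      for stop_pidfile in "${DIRECTORY}/var/run/${i}"*.pid; do
        [ -f "${stop_pidfile}" ] || continue
        stop_pid=""
        read -r stop_pid < "${stop_pidfile}"
        case "${stop_pid}" in
          '' | *[!0-9]* | 0* | 1)
            echo "${i}: ignoring invalid pid file ${stop_pidfile}" >&2
            continue
            ;;
        esac
        kill "${stop_pid}"
      done
    else
      echo "${i} not running .."
    fi
    rm -f "${DIRECTORY}/var/run/${i}"*.pid
  done
  unlock
  echo -n "$NAME $VERSION"
  rc_status -v
}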
### MAIN HERE ###
# Dispatch on the requested action. Anything that is not a known action --
# including "help" and a missing argument -- prints the usage text via
# help(), which exits with status 1.
# NOTE(review): the rc_exit helper listed in the header is never called, so
# the script's exit status is that of the last command run; confirm this is
# intended.
case "$1" in
  start)   start ;;
  stop)    stopa ;;
  restart) stopa; start ;;
  status)  status ;;
  *)       help ;;
esac
--Scottk 17:21, 23 August 2006 (BRST)